Skip to content

Commit

Permalink
bom command documentation
Browse files Browse the repository at this point in the history
This commit adds the raw documentation for bom and
its only subcommand: generate.

The format mimics previous docs for our tools (like krel).

Signed-off-by: Adolfo García Veytia (Puerco) <[email protected]>
  • Loading branch information
puerco committed Jun 7, 2021
1 parent 684c7de commit 1e7377a
Show file tree
Hide file tree
Showing 6 changed files with 505 additions and 5 deletions.
8 changes: 8 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ Individual tools can be installed via `go install k8s.io/release/cmd/$TOOL@lates
- [`gh2gcs`](#gh2gcs)
- [`vulndash`](#vulndash)
- [End User](#end-user)
- [`bom`](#bom)
- [`release-notes`](#release-notes)
- [`gcbuilder`](#gcbuilder)
- [`publish-release`](#publish-release)
Expand Down Expand Up @@ -109,6 +110,13 @@ Details: [Documentation](/docs/vuln-dashboard.md)

## End User

### [`bom`](/cmd/bom)

Generate SPDX-compliant Bills of Materials for a software
project. Supports reading directories, images, files and more.

Details: [Documentation](cmd/bom/README.md) | [SBOM HOWTO](docs/bom/create-a-bill-of-materials.md)

### [`release-notes`](/cmd/release-notes)

Scrape GitHub pull requests for release notes.
Expand Down
11 changes: 6 additions & 5 deletions cmd/bom/README.md
Original file line number Diff line number Diff line change
@@ -1,14 +1,15 @@
# bom (Bill of Materials)
## A utility to generate SPDX compliant Bill of Materials manifests.

bom is a tiny utility that leverages the code written for the Kubernetes
`bom` is a tiny utility that leverages the code written for the Kubernetes
Bill of Materials project. It enables software authors to generate an
SBOM for their projects in a simple, yet powerful way.

[![asciicast](https://asciinema.org/a/418528.svg)](https://asciinema.org/a/418528)
![terminal demo](../../docs/bom/cast.svg "Terminal demo")


`bom` is a general-purpose tool that can generate SPDX packages from
directories, docker images, single files, and other sources. The utility
directories, container images, single files, and other sources. The utility
has a built-in license classifier that recognizes the 400+ licenses in
the SPDX catalog.

Expand Down Expand Up @@ -46,14 +47,14 @@ describing different packages.

### Generate an SBOM from the Current Directory:

To process a directory as a source for your SBOM, use the -d flag or simply pass
To process a directory as a source for your SBOM, use the `-d` flag or simply pass
the path as the first argument to `bom`:

```bash
bom generate -n http://example.com/ .
```

### Process a Docker Image
### Process a Container Image

This example pulls the kube-apiserver image, analyzes it, and describes in the
SBOM. Each of its layers are then expressed as a subpackage in the resulting
Expand Down
Loading

0 comments on commit 1e7377a

Please sign in to comment.